author | Benjamin Smee <strerror@gentoo.org> | 2005-10-08 14:04:11 +0000 |
committer | Benjamin Smee <strerror@gentoo.org> | 2005-10-08 14:04:11 +0000 |
commit | 2911ae894fc5203cd9016765d029363c3b66f0cf (patch) | |
tree | b0bf0119e70de72f6bad7070af69a6e62a2d4022 | |
parent | Initial import (diff) | |
Initial import
(Portage version: 2.0.51.22-r3)
-rw-r--r-- | net-analyzer/sguil-sensor/ChangeLog | 10 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/Manifest | 4 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3 | 1 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/files/log_packets.initd | 91 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/files/sensor_agent.initd | 30 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/metadata.xml | 8 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/sguil-sensor-0.5.3.ebuild | 88 | ||||
-rw-r--r-- | net-analyzer/sguil-server/ChangeLog | 10 | ||||
-rw-r--r-- | net-analyzer/sguil-server/Manifest | 4 | ||||
-rw-r--r-- | net-analyzer/sguil-server/files/digest-sguil-server-0.5.3 | 1 | ||||
-rw-r--r-- | net-analyzer/sguil-server/files/sguild.confd | 23 | ||||
-rwxr-xr-x | net-analyzer/sguil-server/files/sguild.initd | 48 | ||||
-rw-r--r-- | net-analyzer/sguil-server/metadata.xml | 8 | ||||
-rw-r--r-- | net-analyzer/sguil-server/sguil-server-0.5.3.ebuild | 102 |
14 files changed, 428 insertions, 0 deletions
diff --git a/net-analyzer/sguil-sensor/ChangeLog b/net-analyzer/sguil-sensor/ChangeLog
new file mode 100644
index 000000000000..c7fbef3b990c
--- /dev/null
+++ b/net-analyzer/sguil-sensor/ChangeLog
@@ -0,0 +1,10 @@
+# ChangeLog for net-analyzer/sguil-sensor
+# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/ChangeLog,v 1.1 2005/10/08 14:04:11 strerror Exp $
+
+*sguil-sensor-0.5.3 (08 Oct 2005)
+
+ 08 Oct 2005; Benjamin Smee <strerror@gentoo.org> +files/log_packets.initd,
+ +files/sensor_agent.initd, +metadata.xml, +sguil-sensor-0.5.3.ebuild:
+ Initial import
+
diff --git a/net-analyzer/sguil-sensor/Manifest b/net-analyzer/sguil-sensor/Manifest
new file mode 100644
index 000000000000..a9f122ba1196
--- /dev/null
+++ b/net-analyzer/sguil-sensor/Manifest
@@ -0,0 +1,4 @@
+MD5 78e14d710be336f53152c5f9c06da4b7 sguil-sensor-0.5.3.ebuild 2341
+MD5 7dea1d8d6ed9dadaa3768e6ba138fe76 files/digest-sguil-sensor-0.5.3 69
+MD5 5c55306dbda0309d4c2602d9d85d544b files/log_packets.initd 2102
+MD5 eafeeec66dc5b155a58067d03baccc8b files/sensor_agent.initd 794
diff --git a/net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3 b/net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3
new file mode 100644
index 000000000000..e75aa2ff25cd
--- /dev/null
+++ b/net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3
@@ -0,0 +1 @@
+MD5 681fa7e99aa674c0e2be4788ef503d69 sguil-sensor-0.5.3.tar.gz 89816
diff --git a/net-analyzer/sguil-sensor/files/log_packets.initd b/net-analyzer/sguil-sensor/files/log_packets.initd
new file mode 100644
index 000000000000..470d34a5c306
--- /dev/null
+++ b/net-analyzer/sguil-sensor/files/log_packets.initd
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/files/log_packets.initd,v 1.1 2005/10/08 14:04:11 strerror Exp $
+
+opts="start stop cleandisk"
+
+[ -d "${LOG_DIR}" ] && LOGDIR="/var/log/sguild"
+
+
+start() {
+ ebegin "Starting Sensor Agent"
+ if [ ! -x /usr/bin/snort ]
+ then
+ eerror "No snort - cannot start"
+ eend 1
+ return 1
+ fi
+ if [ ! -d ${LOG_DIR} ]
+ then
+ mkdir -p ${LOG_DIR}
+ chmod 770 ${LOG_DIR}
+ fi
+
+ today=$(date '+%Y-%m-%d')
+
+ if [ ! -d "${LOG_DIR}/${today}" ]
+ then
+ mkdir "${LOG_DIR}/${today}"
+ chmod 770 "${LOG_DIR}/${today}"
+ fi
+ start-stop-daemon --start -c sguil --pidfile /var/run/sguil/logpackets.pid \
+ --exec /usr/bin/snort \
+ -- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${INTERFACE}" "${FILTER}"
+ real_cleandisk
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Sensor Agent"
+ start-stop-daemon --stop --quiet --pidfile /var/run/sguil/logpackets.pid
+ eend $?
+}
+
+cleandisk() {
+ ebegin "Cleaning Disk"
+ real_cleandisk
+ eend $?
+}
+
+# This func checks the current space being used by LOG_DIR
+# and rm's data as necessary.
+real_cleandisk() {
+ einfo "Checking disk space (limited to ${MAX_DISK_USE}%)..."
+ # grep, awk, tr...woohoo!
+ CUR_USE=$(df ${LOG_DIR} | grep -v -i filesystem | awk '{print $5}' | tr -d %)
+ einfo " Current Disk Use: ${CUR_USE}%"
+
+ if [ ${CUR_USE} -gt ${MAX_DISK_USE }]
+ then
+ # If we are here then we passed our disk limit
+ # First find the oldest DIR
+ cd "${LOG_DIR}"
+ # Can't use -t on the ls since the mod time changes each time we
+ # delete a file. Good thing we use YYYY-MM-DD so we can sort.
+ OLDEST_DIR=$(ls | sort | head -n 1)
+ cd "${OLDEST_DIR}"
+
+ OLDEST_FILE=$(ls -t | tail -n 1)
+
+ if [ -f "${OLDEST_FILE}" ]
+ then
+ einfo " Removing file: ${OLDEST_DIR}/${OLDEST_FILE}"
+ rm -f "${OLDEST_FILE}"
+ else
+ einfo " Removing empty dir: ${OLDEST_DIR}"
+ cd ..
+ rm -rf "${OLDEST_DIR}"
+ fi
+
+ # Run cleandisk again as rm'ing one file might been enough
+ # but we wait 5 secs in hopes any open writes are done.
+ sync
+ einfo " Waiting 5 secs for disk to sync..."
+ sleep 5
+ real_cleandisk
+ else
+ einfo "Done."
+ fi
+}
+
diff --git a/net-analyzer/sguil-sensor/files/sensor_agent.initd b/net-analyzer/sguil-sensor/files/sensor_agent.initd
new file mode 100644
index 000000000000..22f8ad372fc2
--- /dev/null
+++ b/net-analyzer/sguil-sensor/files/sensor_agent.initd
@@ -0,0 +1,30 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header:
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -e /etc/sguil/sensor_agent.conf ] ; then
+ eerror "You need an /etc/snort/sensor_agent.conf to run the Sensor Agent"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting Sensor Agent"
+ start-stop-daemon --start -c sguil --pidfile /var/run/sguil/sensor.pid \
+ --quiet --exec /usr/bin/sensor_agent.tcl -- -D -c "/etc/sguil/sensor_agent.conf">/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Sensor Agent"
+ start-stop-daemon --stop --quiet --pidfile /var/run/sguil/sensor.pid
+ eend $?
+}
+
diff --git a/net-analyzer/sguil-sensor/metadata.xml b/net-analyzer/sguil-sensor/metadata.xml
new file mode 100644
index 000000000000..49f20b1c1d96
--- /dev/null
+++ b/net-analyzer/sguil-sensor/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>netmon</herd>
+<maintainer>
+ <email>strerror@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
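Review bot: real_cleandisk runs `rm -f` and `rm -rf` after two unchecked `cd` calls (`cd "${LOG_DIR}"` at the end of the previous part of this hunk and `cd "${OLDEST_DIR}"` here); if either fails — LOG_DIR is empty because the default line near the top sets `LOGDIR`, not `LOG_DIR`, and only when the directory already exists, or OLDEST_DIR is a stray non-directory entry — the deletions run in whatever directory the script happened to be started from. The disk-limit test `[ ${CUR_USE} -gt ${MAX_DISK_USE }]` is also malformed (space inside the braces, none before `]`), so as written the cleanup branch cannot run at all. The rewrite below fixes the default, the comparison, and guards both directory changes so the function bails out instead of deleting in the wrong place; the file-removal and recursion logic is unchanged. Note that the sensor ebuild in this commit installs no conf.d file for this script, so LOG_DIR, MAX_DISK_USE, OPTIONS, INTERFACE and FILTER have no documented source.
```shell
[ -z "${LOG_DIR}" ] && LOG_DIR="/var/log/sguild"
# … unchanged: start/stop/cleandisk …
real_cleandisk() {
    # … unchanged: CUR_USE computation …
    # Unset MAX_DISK_USE means "never clean" rather than "always clean".
    if [ "${CUR_USE:-0}" -gt "${MAX_DISK_USE:-100}" ]
    then
        cd "${LOG_DIR}" || { eerror "Cannot enter ${LOG_DIR}; not cleaning"; return 1; }
        OLDEST_DIR=$(ls | sort | head -n 1)
        [ -d "${OLDEST_DIR}" ] || { eerror "No log directory to clean in ${LOG_DIR}"; return 1; }
        cd "${OLDEST_DIR}" || return 1
        # … unchanged: oldest-file removal, sync, sleep and recursion …
```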
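Review bot: checkconfig in sensor_agent.initd tests for `/etc/sguil/sensor_agent.conf` but the error message names `/etc/snort/sensor_agent.conf`, which sends an admin to the wrong path; it should read `eerror "You need an /etc/sguil/sensor_agent.conf to run the Sensor Agent"`. In start(), `>/dev/null 2>&1` combined with `--quiet` discards every startup diagnostic from sensor_agent.tcl, so a failed start leaves nothing to investigate; dropping the redirect, or at least keeping stderr, would help. The `$Header:` keyword on the fourth line is left unexpanded. Whether sensor_agent.tcl actually writes /var/run/sguil/sensor.pid, which stop() depends on, cannot be confirmed from this diff.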
diff --git a/net-analyzer/sguil-sensor/sguil-sensor-0.5.3.ebuild b/net-analyzer/sguil-sensor/sguil-sensor-0.5.3.ebuild
new file mode 100644
index 000000000000..05b6385227c3
--- /dev/null
+++ b/net-analyzer/sguil-sensor/sguil-sensor-0.5.3.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/sguil-sensor-0.5.3.ebuild,v 1.1 2005/10/08 14:04:11 strerror Exp $
+
+inherit eutils
+
+DESCRIPTION="Sensor part of sguil Network Security Monitoring"
+HOMEPAGE="http://sguil.sourceforge.net"
+SRC_URI="mirror://sourceforge/sguil/sguil-sensor-${PV}.tar.gz"
+
+LICENSE="QPL"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE=""
+
+DEPEND=">=dev-lang/tcl-8.3"
+RDEPEND="${DEPEND}
+ >=net-analyzer/snort-2.4.1-r1
+ >=net-analyzer/barnyard-0.2.0-r1
+ net-analyzer/sancp
+ dev-ml/pcre-ocaml"
+
+S=${WORKDIR}/sguil-${PV}
+
+pkg_setup() {
+ if built_with_use tcl threads ; then
+ eerror
+ eerror "Sguil does not run when tcl was built with threading enabled."
+ eerror "Please rebuild tcl without threads and reemerge this ebuild."
+ eerror
+ die
+ fi
+
+ if ! built_with_use snort sguil ; then
+ eerror
+ eerror "You need to emerge snort with 'sguil' USE flag to get"
+ eerror "the full sguil functionality"
+ eerror
+ die
+ fi
+ enewgroup sguil
+ enewuser sguil -1 -1 /var/lib/sguil sguil
+
+}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}/sensor
+ sed -i -e 's:192.168.8.1:127.0.0.1:' -e "s:gateway:${HOSTNAME}:" \
+ -e 's:/snort_data:/var/lib/sguil:' -e 's:DAEMON 0:DAEMON 1:' \
+ -e 's:DEBUG 1:DEBUG 0:g' sensor_agent.conf || die "sed failed"
+}
+
+src_install() {
+
+ dodoc doc/*
+
+ dobin sensor/sensor_agent.tcl
+
+ newinitd "${FILESDIR}/log_packets.initd" log_packets
+ newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent
+ insinto /etc/sguil
+ doins sensor/sensor_agent.conf
+
+ # Create the directory structure
+ diropts -g sguil -o sguil
+ keepdir /var/lib/sguil /var/run/sguil /var/run/sguil/archive \
+ "/var/lib/sguil/${HOSTNAME}" \
+ "/var/lib/sguil/${HOSTNAME}/portscans" \
+ "/var/lib/sguil/${HOSTNAME}/ssn_logs" \
+ "/var/lib/sguil/${HOSTNAME}/dailylogs" \
+ "/var/lib/sguil/${HOSTNAME}/sancp"
+
+}
+
+pkg_postinst() {
+ einfo
+ einfo "You should check /etc/sguil/sensor_agent.conf and"
+ einfo "/etc/init.d/logpackets and ensure that they are accurate"
+ einfo "for your environment. They should work providing that you"
+ einfo "are running the sensor on the same machine as the server."
+ einfo "This ebuild assumes that you are running a single sensor"
+ einfo "environment, if this is not the case then you must make sure"
+ einfo "to modify /etc/sguil/sensor_agent.conf and"
+ einfo "/etc/init.d/log_packets and change the HOSTNAME variable."
+ einfo
+}
+
diff --git a/net-analyzer/sguil-server/ChangeLog b/net-analyzer/sguil-server/ChangeLog
new file mode 100644
index 000000000000..bbf9d030b030
--- /dev/null
+++ b/net-analyzer/sguil-server/ChangeLog
@@ -0,0 +1,10 @@
+# ChangeLog for net-analyzer/sguil-server
+# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-server/ChangeLog,v 1.1 2005/10/08 14:01:29 strerror Exp $
+
+*sguil-server-0.5.3 (08 Oct 2005)
+
+ 08 Oct 2005; Benjamin Smee <strerror@gentoo.org> +files/sguild.confd,
+ +files/sguild.initd, +metadata.xml, +sguil-server-0.5.3.ebuild:
+ Initial import
+
diff --git a/net-analyzer/sguil-server/Manifest b/net-analyzer/sguil-server/Manifest
new file mode 100644
index 000000000000..d8bbfe0f21d3
--- /dev/null
+++ b/net-analyzer/sguil-server/Manifest
@@ -0,0 +1,4 @@
+MD5 a404aa4a6f1740974826b26331d542dc sguil-server-0.5.3.ebuild 2738
+MD5 0be733a9afedd03d8a6769142ec3a389 files/sguild.confd 616
+MD5 fff5ca1be3a8e56fdd55ad9c95d75bc9 files/sguild.initd 1234
+MD5 9f4730ccda90d1234e864f039ed296e1 files/digest-sguil-server-0.5.3 69
diff --git a/net-analyzer/sguil-server/files/digest-sguil-server-0.5.3 b/net-analyzer/sguil-server/files/digest-sguil-server-0.5.3
new file mode 100644
index 000000000000..ca26781be4f3
--- /dev/null
+++ b/net-analyzer/sguil-server/files/digest-sguil-server-0.5.3
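Review bot: src_install installs log_packets.initd with `newinitd` but no matching `newconfd`, and that script reads LOG_DIR, MAX_DISK_USE, OPTIONS, INTERFACE and FILTER from its conf.d file, so as installed it would start snort with an empty interface and log directory; a `files/log_packets.confd` with documented defaults installed via `newconfd "${FILESDIR}/log_packets.confd" log_packets` is needed. The `sed -e "s:gateway:${HOSTNAME}:"` in src_unpack and the `keepdir "/var/lib/sguil/${HOSTNAME}..."` lines bake the build host's HOSTNAME into the installed config and directory layout, which is wrong for binary packages and chroot builds; the pkg_postinst text acknowledges this only in passing and refers to `/etc/init.d/logpackets` where the installed name is `log_packets`. The two `die` calls in pkg_setup carry no message, so the failure reason shown to the user is only the generic one.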
@@ -0,0 +1 @@
+MD5 7270f457a36f45bd41866ebddcb45e45 sguil-server-0.5.3.tar.gz 62861
diff --git a/net-analyzer/sguil-server/files/sguild.confd b/net-analyzer/sguil-server/files/sguild.confd
new file mode 100644
index 000000000000..9941b9b017f8
--- /dev/null
+++ b/net-analyzer/sguil-server/files/sguild.confd
@@ -0,0 +1,23 @@
+# Config file for /etc/init.d/sguild
+
+#PATH to the sguild config (sguild.conf) file.
+#CONF=/etc/sguil/sguild.conf
+
+#PATH to the sguild config (autocat.conf) file.
+#AUTOCAT=/etc/sguil/autocat.conf
+
+#PATH to the sguild global queries (sguild.queries) file.
+#QUERIES=/etc/sguil/sguild.queries
+
+#PATH to the sguild users (sguild.users) file.
+#USERS=/etc/sguil/sguild.users
+
+#PATH to the sguild access file
+#ACCESS=/etc/sguil/sguild.access
+
+#Directory that contains sguild.pem and sguild.key
+#Uncomment to enable openssl connectivity
+#OPENSSLPATH="/etc/sguil/"
+
+#For any other options you wish to add
+#EXTRA_SGUILD_OPTS=
diff --git a/net-analyzer/sguil-server/files/sguild.initd b/net-analyzer/sguil-server/files/sguild.initd
new file mode 100755
index 000000000000..321cc56a1af4
--- /dev/null
+++ b/net-analyzer/sguil-server/files/sguild.initd
@@ -0,0 +1,48 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-server/files/sguild.initd,v 1.1 2005/10/08 14:01:29 strerror Exp $
+
+
+
+[ -z "${CONF}" ] && CONF="/etc/sguil/sguild.conf"
+[ -z "${AUTOCAT}" ] && AUTOCAT="/etc/sguil/autocat.conf"
+[ -z "${QUERIES}" ] && QUERIES="/etc/sguil/sguild.queries"
+[ -z "${USERS}" ] && USERS="/etc/sguil/sguild.users"
+[ -z "${ACCESS}" ] && AUTOCAT="/etc/sguil/sguild.access"
+
+SGUILD_OPTS="-D -c ${CONF} -u ${USERS} -A ${ACCESS}"
+
+[ -n "${OPENSSLPATH}" ] && SGUILD_OPTS="${SGUILD_OPTS} -o -C ${OPENSSLPATH}"
+
+depend() {
+ need net
+ use mysql
+}
+
+checkconfig() {
+
+ [ -f "${CONF}" ] || return 1
+ [ -f "${AUTOCAT}" ] || return 1
+ [ -f "${QUERIES}" ] || return 1
+ [ -f "${USERS}" ] || return 1
+ [ -f "${ACCESS}" ] || return 1
+ if [ -n "${OPENSSLPATH}" ]; then
+ [ -f "${OPENSSLPATH}/sguild.key" ] || return 1
+ [ -f "${OPENSSLPATH}/sguild.pem" ] || return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting sguild"
+ start-stop-daemon --start --quiet -c sguil --exec /usr/bin/sguild \
+ -- ${SGUILD_OPTS} ${EXTRA_SGUILD_OPTS} -D -P /var/run/sguil/sguild.pid
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping sguild"
+ start-stop-daemon --stop --quiet --pidfile /var/run/sguil/sguild.pid
+ eend $?
+}
diff --git a/net-analyzer/sguil-server/metadata.xml b/net-analyzer/sguil-server/metadata.xml
new file mode 100644
index 000000000000..49f20b1c1d96
--- /dev/null
+++ b/net-analyzer/sguil-server/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>netmon</herd>
+<maintainer>
+ <email>strerror@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
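Review bot: the fifth default line in sguild.initd assigns AUTOCAT instead of ACCESS (`[ -z "${ACCESS}" ] && AUTOCAT="/etc/sguil/sguild.access"`), so with the shipped conf.d, where ACCESS is commented out, `${ACCESS}` stays empty, `-A ${ACCESS}` passes nothing and checkconfig's `[ -f "${ACCESS}" ]` fails, making start() return 1 every time; the line should read `[ -z "${ACCESS}" ] && ACCESS="/etc/sguil/sguild.access"`. checkconfig returns 1 without any eerror, so that failure is invisible to the admin; an `eerror "Missing ${CONF}"`-style message per check would make it diagnosable. `-D` is passed twice (inside SGUILD_OPTS and again on the start-stop-daemon line), and AUTOCAT and QUERIES are verified but never passed on the command line — presumably sguild.conf references them, which this diff does not show.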
diff --git a/net-analyzer/sguil-server/sguil-server-0.5.3.ebuild b/net-analyzer/sguil-server/sguil-server-0.5.3.ebuild
new file mode 100644
index 000000000000..a794b3ae4d13
--- /dev/null
+++ b/net-analyzer/sguil-server/sguil-server-0.5.3.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-server/sguil-server-0.5.3.ebuild,v 1.1 2005/10/08 14:01:29 strerror Exp $
+
+inherit eutils ssl-cert
+
+DESCRIPTION="Daemon for Sguil Network Security Monitoring"
+HOMEPAGE="http://sguil.sourceforge.net"
+SRC_URI="mirror://sourceforge/sguil/sguil-server-${PV}.tar.gz"
+LICENSE="QPL"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="ssl"
+
+DEPEND=">=dev-lang/tcl-8.3
+ >=dev-tcltk/tclx-8.3
+ dev-tcltk/tcllib
+ dev-tcltk/mysqltcl
+ ssl? >=dev-tcltk/tls-1.4.1"
+RDEPEND="${DEPEND}
+ net-analyzer/p0f
+ net-analyzer/tcpflow
+ net-misc/openssh"
+
+S=${WORKDIR}/sguil-${PV}
+
+pkg_setup() {
+ if built_with_use tcl threads ; then
+ eerror
+ eerror "Sguil does not run when tcl was built with threading enabled."
+ eerror "Please rebuild tcl without threads and reemerge this ebuild."
+ eerror
+ die
+ fi
+ enewgroup sguil
+ enewuser sguil -1 -1 /var/lib/sguil sguil
+}
+
+src_unpack(){
+ unpack ${A}
+ cd ${S}/server
+ sed -i -e 's:DEBUG 2:DEBUG 1:' -e 's:DAEMON 0:DAEMON 1:' \
+ -e 's:SGUILD_LIB_PATH ./lib:SGUILD_LIB_PATH /usr/lib/sguild:g' \
+ -e 's:/sguild_data/rules:/var/lib/sguil/rules:g' \
+ -e 's:/sguild_data/archive:/var/lib/sguil/archive:g' \
+ sguild.conf || die "sed failed"
+}
+
+src_install(){
+ dodoc server/sql_scripts/*
+ dodoc doc/CHANGES doc/OPENSSL.README doc/USAGE doc/INSTALL \
+ doc/TODO doc/sguildb.dia
+
+ insopts -m640
+ insinto /etc/sguil
+ doins server/{sguild.users,sguild.conf,sguild.queries,sguild.access,autocat.conf}
+
+ insinto /usr/lib/sguild
+ doins server/lib/*
+ dobin server/sguild
+ newinitd "${FILESDIR}/sguild.initd" sguild
+ newconfd "${FILESDIR}/sguild.confd" sguild
+
+ if use ssl
+ then
+ sed -i -e "s/#OPENSSL/OPENSSL/" "${D}/etc/conf.d/sguild"
+
+ if ! [ -f ${ROOT}/etc/sguil/sguild.key ]; then
+ insinto /etc/sguil
+ docert sguild
+ fi
+ fi
+
+ diropts -g sguil -o sguil
+ keepdir /var/run/sguil \
+ /var/lib/sguil \
+ /var/lib/sguil/archive \
+ /var/lib/sguil/rules
+
+}
+
+pkg_postinst(){
+
+ if [ -d ${ROOT}/etc/snort/rules ] ; then
+ ln -s /etc/snort/rules ${ROOT}/var/lib/sguil/rules/${HOSTNAME}
+ fi
+
+ einfo
+ einfo "Please customize the sguild configuration files in /etc/sguild before"
+ einfo "trying to run the daemon. Additionally you will need to setup the"
+ einfo "mysql database. See /usr/share/doc/${PF}/INSTALL.gz for information."
+ einfo "Please note that it is STRONGLY recommended to mount a separate"
+ einfo "filesystem at /var/lib/sguil for both space and performance reasons"
+ einfo "as a large amount of data will be kept in the directory structure"
+ einfo "underneath that top directory."
+ einfo
+ einfo "You should create the sguild db as per the instructions in"
+ einfo "/usr/share/doc/${PF}/INSTALL.gz and use the appropriate"
+ einfo "database setup script located in the same directory."
+
+ einfo
+} |
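Review bot: `insopts -m640` in src_install leaves sguild.users, sguild.conf, sguild.access and, because the insopts stays in effect for the later `doins server/lib/*`, everything under /usr/lib/sguild owned root:root with no group read, while sguild.initd in this commit runs the daemon as user sguil via `-c sguil`; unless sguild reads these before dropping privileges, which this diff does not show, it cannot open its own configuration or library files. Using `insopts -m640 -o root -g sguil` for the /etc/sguil files and resetting with `insopts -m644` before the library install keeps the credentials file private to the service account while making it readable. `ssl? >=dev-tcltk/tls-1.4.1` in DEPEND lacks the parentheses of the standard USE-conditional form `ssl? ( >=dev-tcltk/tls-1.4.1 )`; whether the Portage of the day accepted the bare form is not visible here. In pkg_postinst the `ln -s` is unguarded and will fail noisily on a re-emerge once the link exists, and like the sensor ebuild it bakes the build host's HOSTNAME into the installed layout.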